rule Linux_Exploit_Local_47c64fb6 {
    meta:
        author = "Elastic Security"
        id = "47c64fb6-cfa6-4350-a41f-870b87116b32"
        fingerprint = "aa286440061fb31167f314111dde7c2f596357b41fb6a5656216892fee6bf56e"
        creation_date = "2021-01-12"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.Local"
        reference_sample = "0caa9035027ff88788e6b8e43bfc012a367a12148be809555c025942054a6360"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        $a = { F4 C6 00 FF 8B 45 F4 40 C6 00 25 8B 45 F4 83 C0 02 C7 00 08 00 }
    condition:
        all of them
}

rule Linux_Exploit_Local_76c24b62 {
    meta:
        author = "Elastic Security"
        id = "76c24b62-e04f-410d-b7cb-668daa9aea20"
        fingerprint = "907cb776c9200b715c5b20475c2d4b16cb55c607dfb4b57bd3bd95368ce66257"
        creation_date = "2021-04-06"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.Local"
        reference_sample = "330de2ca1add7e06389d94dfc541c367a484394c51663b26d27d89346b08ad1b"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        $a = { 00 00 00 31 DB 89 D8 B0 17 CD 80 31 C0 50 50 B0 }
    condition:
        all of them
}

rule Linux_Exploit_Local_30c21b03 {
    meta:
        author = "Elastic Security"
        id = "30c21b03-22fc-4ec8-8b65-084e98da8d8d"
        fingerprint = "8112c4a9bce4b4c9407e851849a5850fa36591570694950a4b53e8a09a1dd92b"
        creation_date = "2021-04-06"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.Local"
        reference_sample = "a09c81f185a4ceed134406fa7fefdfa7d8dfc10d639dd044c94fbb6d570fa029"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        $a = { 1B CD 80 31 DB 89 D8 B0 17 CD 80 31 C0 50 50 B0 }
    condition:
        all of them
}

rule Linux_Exploit_Local_9ace9649 {
    meta:
        author = "Elastic Security"
        id = "9ace9649-c74a-4b27-a147-d14123104c0a"
        fingerprint = "2e526d7ec47a30c7683725c2d2c3db0a8267630bb0f270599325d50227f6ae29"
        creation_date = "2021-04-06"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.Local"
        reference_sample = "b38869605521531153cfd8077f05e0d6b52dca0fffbc627a4d5eaa84855a491c"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        $a = { 31 C0 31 DB 31 C9 B0 46 CD 80 31 C0 50 68 2F }
    condition:
        all of them
}

rule Linux_Exploit_Local_705c9589 {
    meta:
        author = "Elastic Security"
        id = "705c9589-f735-45ef-8cf0-b99a05905a9f"
        fingerprint = "d75edca622f0ab8a0b60c4ba5c1026c89d3613c0e101c5c12c03ee08cb7c576e"
        creation_date = "2021-04-06"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.Local"
        reference_sample = "845727ea46491b46a665d4e1a3a9dbbe6cd0536d070f1c1efd533b91b75cdc88"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        $a = { 51 53 8D 0C 24 31 C0 B0 0B CD 80 31 C0 B0 01 CD }
    condition:
        all of them
}

rule Linux_Exploit_Local_a677fb9c {
    meta:
        author = "Elastic Security"
        id = "a677fb9c-0271-4491-a7c7-48504b6ec389"
        fingerprint = "b7916eefad806131b39af5f9bef27648e2444c9a9c95216b520d73e64fa734f0"
        creation_date = "2021-04-06"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.Local"
        reference_sample = "d20b260c7485173264e3e674adc7563ea3891224a3dc98bdd342ebac4a1349e8"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        $a = { 89 C0 89 45 EC 83 7D EC FF 75 1A 83 EC 0C 68 }
    condition:
        all of them
}

rule Linux_Exploit_Local_78e50162 {
    meta:
        author = "Elastic Security"
        id = "78e50162-8f1e-4c78-94fe-9b793b006269"
        fingerprint = "a5771dad186d0c23d25efb7b22b11aa0a67148cf6efb9657b09ca6e160c192aa"
        creation_date = "2021-04-06"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.Local"
        reference_sample = "706c865257d5e1f5f434ae0f31e11dfc7e16423c4c639cb2763ec0f51bc73300"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        $a = { 90 90 90 31 C0 31 DB B0 17 CD 80 31 C0 B0 2E CD }
    condition:
        all of them
}

rule Linux_Exploit_Local_3b767a1f {
    meta:
        author = "Elastic Security"
        id = "3b767a1f-5844-4742-a5fd-ef8a3ddb6c12"
        fingerprint = "2bc0dc4de92306076cda6f2d069855b85861375c8b7eb5324f915a1ed10c39e5"
        creation_date = "2021-04-06"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.Local"
        reference_sample = "e05fed9e514cccbdb775f295327d8f8838b73ad12f25e7bb0b9d607ff3d0511c"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        $a = { E3 50 53 89 E1 89 C2 B0 0B CD 80 89 C3 31 C0 40 }
    condition:
        all of them
}

rule Linux_Exploit_Local_2535c9b6 {
    meta:
        author = "Elastic Security"
        id = "2535c9b6-a575-4190-8e33-88758675e5b4"
        fingerprint = "4ec419bfd0ac83da2f826ba4cbd6a4b05bbd7b6f6cc077529ec4667b7d2f761a"
        creation_date = "2021-04-06"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.Local"
        reference_sample = "d0f9cc114f6a1f788f36e359e03a9bbf89c075f41aec006229b6ad20ebbfba0b"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        $a = { E8 63 F9 FF FF 83 7D D8 FF 75 14 BF 47 12 40 00 }
    condition:
        all of them
}

rule Linux_Exploit_Local_6a9b5d50 {
    meta:
        author = "Elastic Security"
        id = "6a9b5d50-3cd4-4b64-9a52-713e1a8f02b2"
        fingerprint = "7eea1345492359984e9be089c3e7339b79927abcff0ae4a40a713e956bb25919"
        creation_date = "2021-04-06"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.Local"
        reference_sample = "80ab71dc9ed2131b08b5b75b5a4a12719d499c6b6ee6819ad5a6626df4a1b862"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        $a = { E8 ?? F9 FF FF 83 7D D8 FF 75 14 BF ?? 13 40 00 }
    condition:
        all of them
}

rule Linux_Exploit_Local_66557224 {
    meta:
        author = "Elastic Security"
        id = "66557224-2c7a-4770-8333-8984d4a7b3f7"
        fingerprint = "88503c2e1e389866962704a8b19a47c22f758bb2cee9b76600e5d9bab125d4ca"
        creation_date = "2021-04-06"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.Local"
        reference_sample = "f58151a2f653972e744822cdc420ab1c2b8b642877d3dfa2e8b2b6915e8edf40"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        $a = { FF FF 83 BD E4 FB FF FF FF 75 1A 83 EC 0C 68 24 }
    condition:
        all of them
}

rule Linux_Exploit_Local_6229602f {
    meta:
        author = "Elastic Security"
        id = "6229602f-1c88-46fa-8fae-a6268ed6d632"
        fingerprint = "b26b21518fd436d79d6a23dbf3d7056b7c056e4df6639718e285de096476f61d"
        creation_date = "2021-04-06"
        last_modified = "2021-09-16"
        threat_name = "Linux.Exploit.Local"
        reference_sample = "4fdb15663a405f6fc4379aad9a5021040d7063b8bb82403bedb9578d45d428fa"
        severity = 100
        arch_context = "x86"
        scan_context = "file, memory"
        license = "Elastic License v2"
        os = "linux"
    strings:
        $a = { 89 C0 89 45 FC 83 7D FC 00 7D 17 68 ?? ?? 04 08 }
    condition:
        all of them
}

